Methods, systems, and computer-readable media for automated selection of secure design patterns are disclosed. One or more graphs comprising a plurality of nodes and a plurality of edges are generated. At least a portion of the nodes represent software components and at least a portion of the edges represent relationships, and the one or more graphs comprise a plurality of sub-graphs. Using a graph analysis engine, the sub-graphs are analyzed for compliance with one or more security policies. A particular sub-graph is selected based at least in part on respective policy compliance of the sub-graphs. A design template is determined based at least in part on one or more software components in the particular sub-graph. The design template comprises a configuration compliant with the one or more security policies and is provided in a development environment.
Legal claims defining the scope of protection, as filed with the USPTO.
4. The system as recited in claim 1, wherein the graph analysis engine performs threat modeling on the sub-graphs using a rules engine, wherein the rules engine applies one or more rules to metadata associated with nodes and edges of the sub-graphs, and wherein the threat modeling determines whether one or more security vulnerabilities are present in the sub-graphs based at least in part on application of the one or more rules.
9. The method as recited in claim 8, wherein the categorizing for the particular sub-graph is performed using ownership metadata associated with the particular sub-graph, wherein the ownership metadata identifies a division within an organization.
10. The method as recited in claim 5, wherein the one or more policies comprise one or more security policies, and wherein the design template reduces security vulnerabilities.
11. The method as recited in claim 5, wherein the particular sub-graph is selected based on a larger size of the particular sub-graph in comparison to others of the sub-graphs.
12. The method as recited in claim 5, wherein the particular sub-graph is selected based on a smaller number of unmitigated security vulnerabilities of the particular sub-graph in comparison to others of the sub-graphs.
13. The method as recited in claim 5, wherein the particular sub-graph represents a design pattern, and wherein the particular sub-graph is selected based on a higher frequency of the design pattern among the sub-graphs in comparison to other design patterns.
14. The method as recited in claim 5, wherein the graph analysis engine performs threat modeling on the sub-graphs using a rules engine, wherein the rules engine applies one or more rules to metadata associated with nodes and edges of the sub-graphs, and wherein the threat modeling determines whether one or more security vulnerabilities are present in the sub-graphs based at least in part on application of the one or more rules.
15. The method as recited in claim 5, wherein the sub-graphs represent design patterns, wherein the design patterns are assigned respective scores based at least in part on the analysis, and wherein the particular sub-graph is selected based at least in part on the respective scores.
16. The method as recited in claim 15, wherein the design patterns are assigned the respective scores based at least in part on one or more performance metrics.
20. The one or more non-transitory computer-readable storage media as recited in claim 17, wherein the particular sub-graph represents a design pattern, and wherein the particular sub-graph is selected based on a higher frequency of the design pattern among the sub-graphs in comparison to other design patterns.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
October 29, 2018
December 24, 2024
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.